About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-20337
Exploit or POC: No
Update: CVE-2025-20337 – Cisco Security Advisory
Description: CVE-2025-20337 is a critical vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) versions 3.3 and 3.4. The flaw arises from insufficient validation of user-supplied input in an internal API, allowing an unauthenticated, remote attacker to submit crafted requests that result in arbitrary command execution as the root user. Exploitation requires no authentication and can lead to full system compromise.
Affected versions include:
Although no confirmed exploitation has been seen in the wild, the vulnerability is highly critical and could be rapidly leveraged by attackers due to its ease of exploitation and impact.
Mitigation Recommendation: Upgrade immediately to Cisco ISE 3.3 Patch 7 or 3.4 Patch 2 (or later). Restrict access to management interfaces until patched, monitor for unusual activity, and validate system integrity post-upgrade. Patching remains the only effective mitigation strategy.